fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e

Analysis

max time kernel
148s
max time network
151s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
25-12-2024 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

arm.elf
Size

69KB
MD5

1c8686e609976827983dab7cd41e087d
SHA1

142215e0a19e7f7cb11bf7d2ab951cee19f5ea91
SHA256

fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e
SHA512

80e625d9c9092ac0c0edc15020afac7d5bac0e9336e9cad927dc9bced017b53c3c1a9f4f6d4d38131f1eefff89ebfbd2861d8a2b38b21cd10dfb42205eabaceb
SSDEEP

1536:ID3wQHwUsadWweG3xDtab2VwCvHwGZ7eRAFqdoIh0/n7GF2kvEn6:0VQU9Wkhab8wCvQIKaFqdok0/n7GdEn6

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
661	arm.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	bash	662	arm.elf
Changes the process name, possibly in an attempt to hide itself	nginx	663	arm.elf
Changes the process name, possibly in an attempt to hide itself	sshd	665	arm.elf
Changes the process name, possibly in an attempt to hide itself	inetd	664	arm.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/20/cmdline	arm.elf
File opened for reading	/proc/23/cmdline	arm.elf
File opened for reading	/proc/26/cmdline	arm.elf
File opened for reading	/proc/266/cmdline	arm.elf
File opened for reading	/proc/454/cmdline	arm.elf
File opened for reading	/proc/658/cmdline	arm.elf
File opened for reading	/proc/787/cmdline	arm.elf
File opened for reading	/proc/7/cmdline	arm.elf
File opened for reading	/proc/21/cmdline	arm.elf
File opened for reading	/proc/270/cmdline	arm.elf
File opened for reading	/proc/509/cmdline	arm.elf
File opened for reading	/proc/669/cmdline	arm.elf
File opened for reading	/proc/797/cmdline	arm.elf
File opened for reading	/proc/136/cmdline	arm.elf
File opened for reading	/proc/10/cmdline	arm.elf
File opened for reading	/proc/12/cmdline	arm.elf
File opened for reading	/proc/27/cmdline	arm.elf
File opened for reading	/proc/309/cmdline	arm.elf
File opened for reading	/proc/653/cmdline	arm.elf
File opened for reading	/proc/659/cmdline	arm.elf
File opened for reading	/proc/732/cmdline	arm.elf
File opened for reading	/proc/4/cmdline	arm.elf
File opened for reading	/proc/777/cmdline	arm.elf
File opened for reading	/proc/14/cmdline	arm.elf
File opened for reading	/proc/29/cmdline	arm.elf
File opened for reading	/proc/168/cmdline	arm.elf
File opened for reading	/proc/660/cmdline	arm.elf
File opened for reading	/proc/725/cmdline	arm.elf
File opened for reading	/proc/9/cmdline	arm.elf
File opened for reading	/proc/15/cmdline	arm.elf
File opened for reading	/proc/353/cmdline	arm.elf
File opened for reading	/proc/656/cmdline	arm.elf
File opened for reading	/proc/664/cmdline	arm.elf
File opened for reading	/proc/781/cmdline	arm.elf
File opened for reading	/proc/791/cmdline	arm.elf
File opened for reading	/proc/8/cmdline	arm.elf
File opened for reading	/proc/17/cmdline	arm.elf
File opened for reading	/proc/269/cmdline	arm.elf
File opened for reading	/proc/284/cmdline	arm.elf
File opened for reading	/proc/301/cmdline	arm.elf
File opened for reading	/proc/759/cmdline	arm.elf
File opened for reading	/proc/2/cmdline	arm.elf
File opened for reading	/proc/25/cmdline	arm.elf
File opened for reading	/proc/789/cmdline	arm.elf
File opened for reading	/proc/24/cmdline	arm.elf
File opened for reading	/proc/647/cmdline	arm.elf
File opened for reading	/proc/793/cmdline	arm.elf
File opened for reading	/proc/22/cmdline	arm.elf
File opened for reading	/proc/149/cmdline	arm.elf
File opened for reading	/proc/265/cmdline	arm.elf
File opened for reading	/proc/616/cmdline	arm.elf
File opened for reading	/proc/28/cmdline	arm.elf
File opened for reading	/proc/5/cmdline	arm.elf
File opened for reading	/proc/204/cmdline	arm.elf
File opened for reading	/proc/508/cmdline	arm.elf
File opened for reading	/proc/665/cmdline	arm.elf
File opened for reading	/proc/773/cmdline	arm.elf
File opened for reading	/proc/785/cmdline	arm.elf
File opened for reading	/proc/1/cmdline	arm.elf
File opened for reading	/proc/13/cmdline	arm.elf
File opened for reading	/proc/43/cmdline	arm.elf
File opened for reading	/proc/107/cmdline	arm.elf
File opened for reading	/proc/108/cmdline	arm.elf
File opened for reading	/proc/654/cmdline	arm.elf

/tmp/arm.elf
/tmp/arm.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:661

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads